I am using Ubuntu WSL on Windows 10. How to configure HTTP proxy with authentication on it?

2 Answers

cntlm proxy for NTLM authentication

I am assuming your proxy requires a NTLM based user authentication, which will not work with the credentials specified in $HTTP_PROXY. A NTLM capable proxy this required for that: e.g. cntlm.

Install cntlm proxy

The default way of installing the proxy would be to use sudo apt-get install cntlm, but without any proxy this will obviously fail. You need to manually download the package cntlm_0.92.3-1ubuntu2_amd64.deb and copy it into your WSL instance.

Install the package with

$ sudo dpkg -i cntlm_0.92.3-1ubuntu2_amd64.deb 

Configure cntlm proxy

The cntlm proxy requires proper NTLM-Proxy configuration in /etc/cntlm.conf:

# /etc/cntlm.con Domain Domain Username username Proxy 1.2.3.4:5678 NoProxy localhost, 127.0.0.*, 10.*, 192.168.* Listen 3128 

This is the minimal required configuration for cntlm. Test and verify cntlm with the following command:

$ cntlm -M cntlm: Starting cntlm version 0.92.3 for LITTLE endian cntlm: Proxy listening on 127.0.0.1:3128 cntlm: Workstation name used: hostname Password: 

If the authentication is successful, generate hashes for the authentication by using the -H switch:

$ cntlm -H cntlm: Starting cntlm version 0.92.3 for LITTLE endian cntlm: Proxy listening on 127.0.0.1:3128 cntlm: Workstation name used: somehost cntlm: Using following NTLM hashes: NTLMv2(1) NT(0) LM(0) Password: PassLM 123456789ABCDEF123456789ABCDEF12 PassNT 123456789ABCDEF123456789ABCDEF12 PassNTLMv2 123456789ABCDEF123456789ABCDEF12 # Only for user 'username', domain 'Domain' cntlm: Terminating with 0 active threads 

Add the three hashes PassLM, PassNT and PassNTLMv2 to the cntlm configuration file /etc/cntlm.conf. Then activate the proxy via systemd:

$ sudo systemctl restart cntlm 

Now the proxy should listen on your localhost at port 3128.

Configure proxy

Now you can configure the proxy as described in this post but use:

$ export http_proxy= $ export https_proxy= 
1

From your bash shell:

export http_proxy= 

and possibly

export https_proxy= 

Username and password are often Windows domain credentials. If the password contains any special characters, you may need to escape the special characters with a backslash to protect them from the shell. For example, if your Windows account is "gomer" with a password of "Pea$1rzz", and your proxy server is bluecoat.acme.com on port 8080, then you would say

export http_proxy= export https_proxy= echo $http_proxy echo $https_proxy 

should show the correct credentials. You'll need to do this for each shell. So, if you're wanting to do some work with apt, it may be more convenient to open a root shell

sudo bash 

before setting your proxies.

1

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy